interruption losses. The manufacturer
took a stiff reputational hit for its
inability to make good on contracts for
days or weeks while trying to get back
up and running. How can the company
expect their program to respond?

The company’s property policy
might not exclude coverage for
physical damage and business
interruption caused by a cyber attack.
But then again, it just might.

On the other hand, its cyber policy
might only cover the loss of data in the
event of an attack, but not property
damage. Would the equipment
manufacturer’s product liability policy
respond? The software developer’s
errors and omissions policy might
respond, but maybe not, if the damage
was caused by the attacker rather than
by the programming error directly.

With each loss scenario composed
of its own unique set of variables,
questions about where liability rests
are likely to result in a lot of finger-pointing between stakeholders.

“If there’s a part that goes bad and
it’s just a one-off, then maybe we have a
product liability issue,” said Lucker.

“If there are a couple hundred
[pieces of equipment affected], maybe
it’s a product recall liability issue. It
could be errors and omissions — the
engineer could have made a mistake,
the programmer could have made
an error. It could be directors and
officers liability — this could have
been an issue that was discussed in the
boardroom and the board didn’t react
appropriately so these other liabilities
could flow upwards to the boardroom.

“We’ve shifted something thatused to be fairly simple — who’s atfault and who’s going to pay for it —to a complex suite of problems andproducts that makes either personal or“In the same way, the developer ofthe software or the manufacturer of thepart that incorporates that software hasthat same liability from the softwaredefect that the manufacturer of thepart previously had,” he said.

The key difference in many cases, he
said, may be that the software company
or the manufacturer of the part using
the software may not have experience
with any significant third-party liability,
and may not have a program that is
designed to respond to that liability.

CLAIM DEVELOPMENT NEEDED

“From the insurance side of this, I
think the biggest risk is that they just
don’t know what the risks are,” said
Lucker.

Insurers are definitely askingquestions, said Denton. But “time willtell whether they’re asking the rightquestions.”The brunt of the challenge willnecessarily fall to underwriters, whoare going to have to become evenmore technologically savvy than everbefore, said McGiffin.

“This is about understandingtechnology in the world at large, andunderstanding it as a function of eachof the industry segments you might bewriting, and each one of the accounts,to be able to identify the proportionof risk introduced by these differentelements — to be able to assess therisk, evaluate the mitigation that’s inplace, and then make decisions andprice the exposure … it’s just taking itto a whole new level of sophistication.”Claim development is another keypiece of the puzzle, she said.

“As we have more and more claimactivity, claim adjudication, claimlitigation, and we understand how theconfluence of technologies and theis evolving and how it could impacttheir organizations, he said.

“Whether it’s their commercialfleet of cars or commercial fleet oftrucks, their warehouse equipment,their manufacturing equipment, theirretail or office buildings … with moreand more interconnectivity, they’redefinitely starting to think about,‘OK where does liability sit, howdoes it arise, and who’s going to beresponsible?’ ”“There really isn’t an industry outthere that’s not exposed to additionalrisks already as a result of thistechnology,” said Marsh’s Denton.

“So everybody — whether industrialusers, drivers, auto or refrigeratormanufacturers — everybody’s got tograpple with this new technology andthat potential increase in exposures andrisks and how their insurance programwill respond to that.”That’s why no business can afford tosimply renew their insurance programwithout due diligence, he added. “Youcan’t just renew your program withthe same limits and the same type ofcoverage. As technology changes …the nature of the risk may increaseor decrease or the size of the riskwill change. You need to constantlyevaluate your program to see if itresponds to the potential magnitude ofthe exposure.”Risk managers must be continuallyasking, “Are the products that I’vehistorically bought the right ones tobuy to protect the risks that I havenow?” said Hendrick.

Companies will need to keep
assessing their own programs as well
as their suppliers’ programs to ensure
they have the right amount of coverage
in the new technology enabled world,
he said.

The goal is to stay ahead of each
wave of change and keep adapting, he
added.

“Challenge yourself to constantly
keep in tune with how your company’s
risk profile is changing based on this
technology revolution,” he said. &

MICHELLE KERR is an associate editor at
Risk & Insurance. She can be reached at
mkerr@lrp.com.

development will be necessary to guide
new products, said Hendrick.

“Quite often your best intentions
of what you meant to spell out and
what you did spell out end up being
interpreted differently by a court of
law,” he said.

Insurers, said Lucker, will have to
“redraft and recraft” policies to create
more clarity about the risks they’re
taking on.

As that claims history develops,
paths to subrogation may become
less clear for insurers, said experts.
Difficulties tracing through the supply
chain to understand the role of each
player will make it more challenging
first to sort out which policy is the
primary, but then to understand the
litigation path to recover from other
parties who share blame for the loss.

“In the end, the primary insurance
policy, whatever it is … regulators are
going to hold that insurer responsible
for doing the right thing for the
insured — getting a check cut or
getting something fixed or making sure
that somebody’s medical bills are paid,”
said Lucker.

“The consumer has to be madewhole in a fair way. How that getssorted out behind the scenes among allof the various parties — that becomesthe insurance companies’ problem orthe insurance ecosystem’s problem.”For their part, regulators, at somepoint, “are going to have to startthinking more about this tangledweb of potential liability and all ofthis contractual finger-pointing andsubrogation, and how the industry isgoing to sort this all out,” said Lucker.

“It’s going to produce a whole
lot of litigation so this is a kind of
permanent employment plan for the
legal profession and it’s not going to be
simple to sort out.”

RISK MANAGERS MUST KEEP PACE

It’s unclear whether everyonealong the chain of those who makeand produce autonomous, roboticor intelligent equipment is up tospeed on the shifting exposures,In one sense, it’s not thatdifferent from a simple failure of amechanical part, said John Denton,managing director at Marsh USA.

The manufacturer of a defective partor the manufacturer of equipmentincorporating that defective part havehistorically been assigned liability forany accidents arising out of that defect.modern work environment play outthrough claims, we learn how thoselosses are settled and the contributionof each technology — as well as thecombination of technologies — to theroot cause of loss.

“You can’t substitute the years ofclaim history that still have to happen.”

Even though underwriters will try
to manage the exposures with existing
policy forms and language, that claim

“Challenge yourself toconstantly keep in tune withhow your company’s riskprofile is changing based onthis technology revolution.”—Greg Hendrick, president of property &casualty insurance and reinsurance, XL Catlin“Understanding the compounded effect ofthis multitude of technologies and how it’scontributing to exposure and product response— that is the next major challenge area thatwe’re facing in the industry.”— Gail McGiffin, principal, leader of underwriting, product, policy and billingsolutions, EY insurance